Anonymous_User Absent Member.
Absent Member.
209 views

Windows 2003R2 and Windows 2008R2 DC's


Hello,

We are currently running a Windows 2003R2 domain based on 7 domain
controllers. The domain is synchronized with a remote loader to a Novell
Identity Vault based on IDM 3.01. The Remote Loader is running on
fileversion 3.0.10.6614.

Now we want to add a (few) Windows 2008R2 based DC('s) to the domain so
we also have to add a password filter to these servers to support
password synchronization.

In a test environment I tried to push the password filter to a Windows
2008R2 DC from the Identity Manager PassSync application in the control
panel of the Remote Loader but that doesn't seem to work (32bit vs 64bit
I guess).

Is it possible to install a new password filter on the Windows 2008R2
servers without updating the whole IDM configuration? And, where can
these updates password filters be found?

Best regards,
Vern


--
VvdB
------------------------------------------------------------------------
VvdB's Profile: https://forums.netiq.com/member.php?userid=4788
View this thread: https://forums.netiq.com/showthread.php?t=47526

Labels (1)
0 Likes
4 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Windows 2003R2 and Windows 2008R2 DC's

On 11.04.2013 11:44, VvdB wrote:
>
> Hello,
>
> We are currently running a Windows 2003R2 domain based on 7 domain
> controllers. The domain is synchronized with a remote loader to a Novell
> Identity Vault based on IDM 3.01. The Remote Loader is running on
> fileversion 3.0.10.6614.
>
> Now we want to add a (few) Windows 2008R2 based DC('s) to the domain so
> we also have to add a password filter to these servers to support
> password synchronization.
>
> In a test environment I tried to push the password filter to a Windows
> 2008R2 DC from the Identity Manager PassSync application in the control
> panel of the Remote Loader but that doesn't seem to work (32bit vs 64bit
> I guess).


yep.

> Is it possible to install a new password filter on the Windows 2008R2
> servers without updating the whole IDM configuration? And, where can
> these updates password filters be found?


64 bit password sync filter was added around the time of IDM 3.5.1 from
memory. I doubt if this is properly compatible with the IDM 3.0 AD
driver shim and remote loader.

All IDM 3.x versions are now out of general support - so your only
supported option would be to upgrade to IDM 4.0.

From an unsupported perspective, you could probably get away with
running an IDM 3.6.1 RL + Driver Shim + Password Sync against your IDM
3.0 engine (you would probably need to also install IMD 3.6.1 activation
on your existing engine to get this to work).


----------------------------------------------------------------------
Alex McHugh
NetIQ Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support is provided via email.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Windows 2003R2 and Windows 2008R2 DC's


Activation is not needed for only the RL shim.
Tried that before and it works.


--
joakim_ganse
------------------------------------------------------------------------
joakim_ganse's Profile: https://forums.netiq.com/member.php?userid=159
View this thread: https://forums.netiq.com/showthread.php?t=47526

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Windows 2003R2 and Windows 2008R2 DC's


alexmchugh;228465 Wrote:
> On 11.04.2013 11:44, VvdB wrote:
> >
> > Hello,
> >
> > We are currently running a Windows 2003R2 domain based on 7 domain
> > controllers. The domain is synchronized with a remote loader to a

> Novell
> > Identity Vault based on IDM 3.01. The Remote Loader is running on
> > fileversion 3.0.10.6614.
> >
> > Now we want to add a (few) Windows 2008R2 based DC('s) to the domain

> so
> > we also have to add a password filter to these servers to support
> > password synchronization.
> >
> > In a test environment I tried to push the password filter to a

> Windows
> > 2008R2 DC from the Identity Manager PassSync application in the

> control
> > panel of the Remote Loader but that doesn't seem to work (32bit vs

> 64bit
> > I guess).

>
> yep.
>
> > Is it possible to install a new password filter on the Windows 2008R2
> > servers without updating the whole IDM configuration? And, where can
> > these updates password filters be found?

>
> 64 bit password sync filter was added around the time of IDM 3.5.1 from
> memory. I doubt if this is properly compatible with the IDM 3.0 AD
> driver shim and remote loader.
>
> All IDM 3.x versions are now out of general support - so your only
> supported option would be to upgrade to IDM 4.0.
>
> From an unsupported perspective, you could probably get away with
> running an IDM 3.6.1 RL + Driver Shim + Password Sync against your IDM
> 3.0 engine (you would probably need to also install IMD 3.6.1
> activation
> on your existing engine to get this to work).


An upgrade to IDM 4.0 is not really an option as we are migrating from a
mixed environment (eDir + AD) to an Active Directory only environment.
So the best option for us is to go for the IDM 3.6.1 scenario.

To test this I would probably have to download the IDM 3.6.1 win iso
from the Novell site and install the correct software components. Do I
have to install a new Remote Loader in the domain and new Password Sync
filters on all the domain controllers or is just installing the 3.6.1
password sync filter on the new 2008R2 DC's sufficient?


--
VvdB
------------------------------------------------------------------------
VvdB's Profile: https://forums.netiq.com/member.php?userid=4788
View this thread: https://forums.netiq.com/showthread.php?t=47526

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Windows 2003R2 and Windows 2008R2 DC's

On 11.04.2013 16:04, VvdB wrote:
>
> alexmchugh;228465 Wrote:
>> On 11.04.2013 11:44, VvdB wrote:
>>>
>>> Hello,
>>>
>>> We are currently running a Windows 2003R2 domain based on 7 domain
>>> controllers. The domain is synchronized with a remote loader to a

>> Novell
>>> Identity Vault based on IDM 3.01. The Remote Loader is running on
>>> fileversion 3.0.10.6614.
>>>
>>> Now we want to add a (few) Windows 2008R2 based DC('s) to the domain

>> so
>>> we also have to add a password filter to these servers to support
>>> password synchronization.
>>>
>>> In a test environment I tried to push the password filter to a

>> Windows
>>> 2008R2 DC from the Identity Manager PassSync application in the

>> control
>>> panel of the Remote Loader but that doesn't seem to work (32bit vs

>> 64bit
>>> I guess).

>>
>> yep.
>>
>>> Is it possible to install a new password filter on the Windows 2008R2
>>> servers without updating the whole IDM configuration? And, where can
>>> these updates password filters be found?

>>
>> 64 bit password sync filter was added around the time of IDM 3.5.1 from
>> memory. I doubt if this is properly compatible with the IDM 3.0 AD
>> driver shim and remote loader.
>>
>> All IDM 3.x versions are now out of general support - so your only
>> supported option would be to upgrade to IDM 4.0.
>>
>> From an unsupported perspective, you could probably get away with
>> running an IDM 3.6.1 RL + Driver Shim + Password Sync against your IDM
>> 3.0 engine (you would probably need to also install IMD 3.6.1
>> activation
>> on your existing engine to get this to work).

>
> An upgrade to IDM 4.0 is not really an option as we are migrating from a
> mixed environment (eDir + AD) to an Active Directory only environment.
> So the best option for us is to go for the IDM 3.6.1 scenario.
>
> To test this I would probably have to download the IDM 3.6.1 win iso
> from the Novell site and install the correct software components. Do I
> have to install a new Remote Loader in the domain and new Password Sync
> filters on all the domain controllers or is just installing the 3.6.1
> password sync filter on the new 2008R2 DC's sufficient?


I don't know - I strongly suspect that you need both updated Remote
Loader and password filter. NetIQ / Novell used to have a TID that
listed what combinations of Engine + RL versions were tested.

I just checked and it seems that now that all IDM 3.x versions are in
extended support that document has been updated to list only IDM 4.x.x
compatibility.

https://www.netiq.com/support/kb/doc.php?id=7003488

Also - IDM 4.0.2 now ships as a bundle edition (only licensed for
eDirectory / AD) that you might be entitled to if you currently run OES.


--
----------------------------------------------------------------------
Alex McHugh
NetIQ Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support is provided via email.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.